Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1208574

Summary: not able to run rolekit on fresh f22 server ppc64le image installed
Product: [Fedora] Fedora Reporter: Menanteau Guy <menantea>
Component: rolekitAssignee: Thomas Woerner <twoerner>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 22CC: dan, jcajka, sgallagh, twoerner
Target Milestone: ---   
Target Release: ---   
Hardware: ppc64le   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-04-09 15:22:48 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1051573, 1206039    

Description Menanteau Guy 2015-04-02 14:46:44 UTC 
I am trying to test 
https://fedoraproject.org/wiki/QA:Testcase_realmd_join_kickstart
on f22 ppc64le server Alpha image
https://dl.fedoraproject.org/pub/fedora-secondary/releases/test/22_Alpha/Server/

After checking rolekit package is installed, I tried to run a
rolectl deploy command.
This rolectl command failed reporting in traces that pki-ca package is needed but not installed.

I suspect this pki-ca package must be part of a server image as rolekit it is.
If I install pki-ca and then run again a rolectl I have the same problem with mod_nss package missing.
Comment 1 Stephen Gallagher 2015-04-02 15:09:08 UTC 
Can you provide more information. I'm guessing that you attempted to do a domain controller deployment, which should have installed the necessary packages. It's possible that FreeIPA isn't supported on ppc64le fully yet.
Comment 2 Dan Horák 2015-04-03 12:07:29 UTC 
Fedora for ppc64/ppc64le should be fairly complete, so we will retest with the latest F22 Beta.
Comment 3 Jakub Čajka 2015-04-09 14:59:12 UTC 
"
rolekit deploy databaseserver
Deployment can take a long time. To monitor the progress, run 
journalctl -ef -u rolekit
Error: INVALID_VALUE: Database name unset
"

"journactl -ef -u rolekit" output(time-stamp and host-name omitted):

"
roled[3529]: 2015-04-09 15:56:01 ERROR: warning: /var/cache/dnf/ppc64le/22/fedora/packages/postgresql-server-9.4.1-1.fc22.ppc64le.rpm: Header V3 RSA/SHA1 Signature, key ID a29cb19c: NOKEY
roled[3529]: 2015-04-09 15:56:03 ERROR: Importing GPG key 0xA29CB19C:
roled[3529]: 2015-04-09 15:56:03 ERROR:  Userid     : "Fedora Secondary (22) <fedora>"
roled[3529]: 2015-04-09 15:56:03 ERROR:  Fingerprint: B467 FA46 E2CE 5FAC 3499 10C2 D8D1 FA8C A29C B19C
roled[3529]: 2015-04-09 15:56:03 ERROR:  From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-22-ppc64le
groupadd[3957]: group added to /etc/group: name=postgres, GID=26
groupadd[3957]: group added to /etc/gshadow: name=postgres
groupadd[3957]: new group: name=postgres, GID=26
useradd[3961]: new user: name=postgres, UID=26, GID=26, home=/var/lib/pgsql, shell=/bin/bash
roled[3529]: 2015-04-09 15:56:10 ERROR: <class 'rolekit.errors.RolekitError'>: INVALID_VALUE: Database name unset
"

"
rolekit deploy domaincontroler
Deployment can take a long time. To monitor the progress, run 
journalctl -ef -u rolekit
Error: INVALID_VALUE: admin_password unset
"

"journactl -ef -u rolekit" output(time-stamp and host-name omitted):

"
systemd[1]: Started rolekit - role server.
groupadd[4618]: group added to /etc/group: name=pkcs11, GID=990
groupadd[4618]: group added to /etc/gshadow: name=pkcs11
groupadd[4618]: new group: name=pkcs11, GID=990
groupadd[4625]: group added to /etc/group: name=ods, GID=989
groupadd[4625]: group added to /etc/gshadow: name=ods
groupadd[4625]: new group: name=ods, GID=989
useradd[4630]: new user: name=ods, UID=992, GID=989, home=//var/lib/softhsm, shell=/sbin/nologin
groupadd[4685]: group added to /etc/group: name=named, GID=25
groupadd[4685]: group added to /etc/gshadow: name=named
groupadd[4685]: new group: name=named, GID=25
useradd[4689]: new user: name=named, UID=25, GID=25, home=/var/named, shell=/sbin/nologin
groupadd[4747]: group added to /etc/group: name=tomcat, GID=91
groupadd[4747]: group added to /etc/gshadow: name=tomcat
groupadd[4747]: new group: name=tomcat, GID=91
useradd[4751]: new user: name=tomcat, UID=91, GID=91, home=/usr/share/tomcat, shell=/bin/nologin
groupadd[4777]: group added to /etc/group: name=cgred, GID=988
groupadd[4777]: group added to /etc/gshadow: name=cgred
groupadd[4777]: new group: name=cgred, GID=988
useradd[4851]: new group: name=apache, GID=48
useradd[4851]: new user: name=apache, UID=48, GID=48, home=/usr/share/httpd, shell=/sbin/nologin
useradd[4857]: failed adding user 'apache', exit code: 9
groupadd[4950]: group added to /etc/group: name=memcached, GID=987
groupadd[4950]: group added to /etc/gshadow: name=memcached
groupadd[4950]: new group: name=memcached, GID=987
useradd[4955]: new user: name=memcached, UID=991, GID=987, home=/run/memcached, shell=/sbin/nologin
roled[4555]: 2015-04-09 16:01:32 ERROR: <class 'rolekit.errors.RolekitError'>: INVALID_VALUE: admin_password unset
"

No packages seem to be missing with Beta_TC2 DVD install(disabled updates-testing repo as in test case) as postgres and freeipa-server are installed. Failure seems to me to be caused by not providing config(DB role passes with config). Is it correct assumption/expected behavior?( failures are the same on x86)
Comment 4 Stephen Gallagher 2015-04-09 15:22:48 UTC 
This is expected behavior. See the manpages: rolekit.roles.databaseserver(5) and rolekit.roles.domaincontroller(5) for the mandatory arguments. These need to be put in a JSON file and loaded by passing --settings-file=/path/to/settings.json on the rolectl command line.